Monday, February 8, 2010

Citrix on Mac: A Fix for SSL Error 61


The IT department where I work changed the certificate for remote access via Citrix this past weekend.  Wheras previously I had no problem accessing the VPN using Citrix via Firefox on a Mac, it suddently stopped working.
I got the following error:

SSL Error 61:  You have not chosen to trust “Network Solutions Certificate Authority,” the issuer of the server’s security certificate.  Error number:  183


This was a puzzling error.  I checked my certificates under Firefox and it seemed to be correct.  The certificate appeared in my Keychain.  I tried adjusting the Trust settings for the certificate on Keychain, but that had no effect.  No one at IT was able to help me because they don’t have much Mac experience.  A Google search showed that this is a fairly common problem that can affect several different certificates (the one listed above is the one I had a problem with).  Unfortunately, none of the answers I found got me all the way to a fix.  I thought I would post my solution here to see if it helps anyone.

1.  Go to Keychain Access and find the certificate that is a problem (for me it was Network Solutions Certificate Authority, but it could be any of a number of certificates).

2.  Export the certificate to the desktop (right click/export) – it will appear as Network Solutions Certificate Authority.cer

3.  Go to the Citrix folder on the Mac and look for a keystore/cacerts folder.

4.   If the folder isn’t there, you will need to create it.  To do this, go to Applications/Citrix ICA Client.  Create the folder keystore (Right click/new folder).  Within that folder, create the folder cacerts.  The path will be Applications/Citrix ICA Client/keystore/cacerts

5.  Copy the certificate exported from Keychain earlier (Network Solutions Certificate Authority.cer) to the Applications/Citrix ICA Client/keystore/cacerts folder.  Some sources say you need to change the extension to .crt (so in the example, this would be Network Solutions Certificate Authority.crt), but that didn’t work for me. The .cer extension did.

Now you should be able to access the VPN through its usual website on Firefox.

For reference, I am using Citrix for Mac, version 10.00.603, and Firefox, version 3.6 on Mac OS X, version 10.6.2 (Snow Leopard).
Bookmark and Share
Posted by medgirl2001 at 2:08 PM
Labels: ,

2 comments:

  1. This is a very useful guide and I for one have bookmarked this as I have run into this problem when trying to work from home in the past! These SSL certificates can really give the browsers a headache when you just want things to 'work', cant they?

    ReplyDelete

  2. THANK YOU SOOOOOOOOOOOOOO MUCH!! After hours of wasted time, this was the solution. I REALLY appreciate it!!

    ReplyDelete

Subscribe to: Post Comments (Atom)